CWE · MITRE source
CWE-667: Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 6 mapping(s) from 2 framework(s): CAPEC 3 (partial) · ATT&CK 3 (partial)
NIST 800-53 r5 controls that address this weakness (0) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2021-1782 KEV | 10.0 | 7.0 | 0.0222 | 2021-04-02 |
| CVE-2025-43510 KEV | 10.0 | 7.8 | 0.0035 | 2025-12-12 |
| CVE-2019-10072 | 8.0 | 7.5 | 0.7299 | 2019-06-21 |
| CVE-2019-5886 | 7.0 | 9.8 | 0.0099 | 2019-01-10 |
| CVE-2020-12658 | 7.0 | 9.8 | 0.0168 | 2020-12-31 |
| CVE-2026-54906 | 7.0 | 9.8 | 0.0016 | 2026-06-24 |
| CVE-2002-1850 | 6.0 | 7.5 | 0.1741 | 2002-12-31 |
| CVE-2004-0174 | 6.0 | 7.5 | 0.1155 | 2004-05-04 |
| CVE-2009-2699 | 6.0 | 7.5 | 0.1417 | 2009-10-13 |
| CVE-2009-4272 | 6.0 | 7.5 | 0.1105 | 2010-01-27 |
| CVE-2002-0051 | 5.5 | 7.8 | 0.0086 | 2002-04-04 |
| CVE-2006-2275 | 5.5 | 7.5 | 0.0328 | 2006-05-09 |
| CVE-2006-5158 | 5.5 | 7.5 | 0.0347 | 2006-10-05 |
| CVE-2010-4210 | 5.5 | 7.8 | 0.0113 | 2010-11-22 |
| CVE-2018-1000127 | 5.5 | 7.5 | 0.0232 | 2018-03-13 |
| CVE-2018-0228 | 5.5 | 8.6 | 0.0361 | 2018-04-19 |
| CVE-2019-11599 | 5.5 | 7.0 | 0.0099 | 2019-04-29 |
| CVE-2019-2050 | 5.5 | 7.8 | 0.0014 | 2019-05-08 |
| CVE-2019-6321 | 5.5 | 7.2 | 0.0145 | 2019-05-29 |
| CVE-2019-2025 | 5.5 | 7.8 | 0.0052 | 2019-06-19 |
| CVE-2019-15513 | 5.5 | 7.5 | 0.0175 | 2019-08-23 |
| CVE-2019-2174 | 5.5 | 7.8 | 0.0014 | 2019-09-05 |
| CVE-2019-10494 | 5.5 | 8.1 | 0.0032 | 2019-12-12 |
| CVE-2020-10573 | 5.5 | 7.5 | 0.0084 | 2020-03-14 |
| CVE-2019-14898 | 5.5 | 7.0 | 0.0044 | 2020-05-08 |